Unrated severityNVD Advisory· Published Nov 11, 2019· Updated Aug 5, 2024
CVE-2019-18849
CVE-2019-18849
Description
In tnef before 1.4.18, an attacker may be able to write to the victim's .ssh/authorized_keys file via an e-mail message with a crafted winmail.dat application/ms-tnef attachment, because of a heap-based buffer over-read involving strdup.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- tnef/tnefdescription
- Range: <1.4.18
Patches
Vulnerability mechanics
References
7- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RMKFSHPMOZL7MDWU5RYOTIBTRWSZ4Z6X/mitrevendor-advisoryx_refsource_FEDORA
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W7CPKBW4QZ4VIY4UXIUVUSHRJ4R2FROE/mitrevendor-advisoryx_refsource_FEDORA
- usn.ubuntu.com/4524-1/mitrevendor-advisoryx_refsource_UBUNTU
- github.com/verdammelt/tnef/compare/1.4.17...1.4.18mitrex_refsource_MISC
- github.com/verdammelt/tnef/pull/40mitrex_refsource_MISC
- lists.debian.org/debian-lts-announce/2019/11/msg00035.htmlmitremailing-listx_refsource_MLIST
- lists.debian.org/debian-lts-announce/2021/08/msg00025.htmlmitremailing-listx_refsource_MLIST
News mentions
0No linked articles in our index yet.